source: http://www.securityfocus.com/bid/12036/info
PCAL is prone to a buffer overflow vulnerability. This issue is exposed when the application handles a calendar file that contains excessively long holiday data. Since calendar files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature.
Successful exploitation of this issue will result in execution of arbitrary code as the user of the application.
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/25036.zip